
rc firewall


  1. #!/bin/sh
  2. #
  3. # - Resets iptables to default values.
  4. #
  5.  
  6. IPTABLES=3D"/sbin/iptables"=20
  7.  
  8. #
  9. # reset the default policies in the filter table.
  10. #
  11. $IPTABLES -P INPUT ACCEPT
  12. $IPTABLES -P FORWARD ACCEPT
  13. $IPTABLES -P OUTPUT ACCEPT=20
  14. #
  15. # reset the default policies in the nat table.
  16. #
  17. $IPTABLES -t nat -P PREROUTING ACCEPT
  18. $IPTABLES -t nat -P POSTROUTING ACCEPT
  19. $IPTABLES -t nat -P OUTPUT ACCEPT=20
  20. #
  21. # reset the default policies in the mangle table.
  22. #
  23. $IPTABLES -t mangle -P PREROUTING ACCEPT
  24. $IPTABLES -t mangle -P OUTPUT ACCEPT=20
  25. #
  26. # flush all the rules in the filter and nat tables.
  27. #
  28. $IPTABLES -F
  29. $IPTABLES -t nat -F
  30. $IPTABLES -t mangle -F
  31. #
  32. # erase all chains that's not default in filter and nat table.
  33. #
  34. $IPTABLES -X
  35. $IPTABLES -t nat -X
  36. $IPTABLES -t mangle -X
  37.  
  38. #IP MASQ AND FORWARDING
  39.  
  40. echo 1 > /proc/sys/net/ipv4/ip_forward
  41. echo 1 > /proc/sys/net/ipv4/ip_dynaddr
  42. $IPTABLES --table nat --append POSTROUTING --out-interface eth0 -j =
  43. MASQUERADE
  44. $IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
  45.  
  46. $IPTABLES --append FORWARD --in-interface eth1 -j ACCEPT
  47.  
  48. # loopback rules
  49.  
  50. $IPTABLES -A INPUT -i lo -p all -j ACCEPT
  51. $IPTABLES -A OUTPUT -o lo -j ACCEPT
  52.  
  53. #OPEN PORTS ON ETH0 (EXTERIOR)=20
  54.  
  55. $IPTABLES -A INPUT -i eth0 -s 0/0 -d 0/0 -p tcp --dport 22 -j ACCEPT
  56. $IPTABLES -A INPUT -i eth0 -s 0/0 -d 0/0 -p udp --dport 22 -j ACCEPT
  57. $IPTABLES -A INPUT -i eth0 -s 0/0 -d 0/0 -p tcp --dport 80 -j ACCEPT
  58. $IPTABLES -A INPUT -i eth0 -s 0/0 -d 0/0 -p udp --dport 80 -j ACCEPT
  59. $IPTABLES -A INPUT -p tcp --syn -s 192.168.1.0/24
  60.  
  61. #LAN RULES
  62.  
  63. $IPTABLES -A INPUT -i eth1 -j ACCEPT
  64. $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
  65.  
  66. #BLOCKED PORTS
  67.  
  68. $IPTABLES -A INPUT -p tcp -s 0/0 -d 0/0 --dport 6000:6009 -j DROP
  69. $IPTABLES -A INPUT -p tcp -s 0/0 -d 0/0 --dport 515 -j DROP
  70. $IPTABLES -A INPUT -p udp -s 0/0 -d 0/0 --dport 515 -j DROP=20
  71. $IPTABLES -A INPUT -p all -s localhost  -i eth1 -j ACCEPT
  72. $IPTABLES -A INPUT -p tcp -s 0/0 -d 0/0 --dport 10000 -j DROP
  73. $IPTABLES -A INPUT -p udp -s 0/0 -d 0/0 --dport 10000 -j DROP
  74. $IPTABLES -A INPUT -p TCP -i eth0 -d 0/0 --dport 137:139 -j DROP
  75.  
  76. # NAT Rules
  77.  
  78. #WEB SERVER IN LAN
  79. $IPTABLES -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j DNAT =
  80. --to-destination 192.168.1.1:80
  81.  
  82. # PC anywhere Rules
  83. # WIN HOST INSIDE THE LAN.
  84.  
  85. $IPTABLES -t nat -A PREROUTING -p tcp -i eth0 --dport 5631 -j DNAT =
  86. --to-destination 192.168.1.100:5631
  87. $IPTABLES -t nat -A PREROUTING -p udp -i eth0 --dport 5631 -j DNAT =
  88. --to-destination 192.168.1.100:5631
  89.  
  90. $IPTABLES -t nat -A PREROUTING -p tcp -i eth0 --dport 5632 -j DNAT =
  91. --to-destination 192.168.1.100:5632
  92. $IPTABLES -t nat -A PREROUTING -p udp -i eth0 --dport 5632 -j DNAT =
  93. --to-destination 192.168.1.100:5632
  94.  
  95.  
  96. #$IPTABLES -A INPUT -j DROP
